Open
Description
The project contains unpatched sources from ADMesh, in which CVE-2022-38072 was reported with high severity. The function stl_fix_normal_directions() from Slic3r/xs/src/admesh/normals.c does not include security patches and updates available in newer versions of ADMesh. The fix for the CVE can be found in this commit: ADMesh commit.
If the affected function is used somewhere, I recommend updating it to the latest version.
My report was primarily based on a static analysis tool developed at CAST, which flagged the potential vulnerability due to similarities in the codebase.